Study finds API vulnerabilities continuing issue for digital brands

Default Image

Local File Inclusion attacks racked up 3.3 billion attempted attacks, and Cross-Site Scripting attacks racked up just over 1 billion attempted attacks.

These attacks highlight the continued vulnerability of digital APIs, which put many digital businesses at higher security risks. Other interesting findings from the report include:

• More than 1 billion credential stuffing attacks were attempted during single-day reporting periods in both January and May 2021
• US-based businesses were the top target for attacks, with nearly 6x more attempted attacks that the UK, which ranked at number two

“From broken authentication and injection flaws, to simple misconfigurations, there are numerous API security concerns for anyone building an internet-connected application,” said Steve Ragan, Akamai Security Researcher and author of the report. “API attacks are both underdetected and underreported when detected. While DDoS attacks and ransoms are are both major issues, attacks on APIs don’t receive the same level of attention. . .but that doesn’t mean they should be ignored.”

More data from Akamai’s State of the Internet report can be accessed here.



Kristina Knight is a freelance writer with more than 15 years of experience writing on varied topics. Kristina’s focus for the past 10 years has been the small business, online marketing, and banking sectors, however, she keeps things interesting by writing about her experiences as an adoptive mom, parenting, and education issues. Kristina’s work has appeared with, NBC News,, DisasterNewsNetwork, and many more publications.